North America ISRM 2013 

First-time North America ISRM conference attendee Nashira Layade.

North America ISRM Has Concluded!

On the final day of North America ISRM, presentations focused on topics ranging from email hacking to global risk management to safety in the Cloud.

Special keynote presenter Captain Richard Phillips enthralled the audience by recounting his tale of kidnapping at sea, the basis for the film Captain Phillips. He followed his presentation by signing copies of his memoir.

Captain Phillips' keynote presentation is recapped in the Las Vegas Review-Journal.

Ex-CIA man Robert Bigman took the stage for the closing keynote, titled "Why What We're Doing Isn't Working." Bigman explored the evolving world of cyberthreats, addressed security tactics that no longer work, and offered new tactics for the audience of security professionals.

Captain Phillips signs copies of his memoir at ISACA's North America ISRM.

Congratulations to Vivian Agu, winner of a drawing for a tablet at North America ISRM, pictured with ISACA CEO Ron Hale.

Scan the adjacent QR code to download the North America ISRM Mobile App from iTunes or Google Play.

Stay connected at this year’s North America ISRM Conference with your smart phone or other mobile device!

With this FREE new feature you will be able to:

  • Build your own conference schedule
  • Complete conference session surveys
  • Take notes, and export to email to yourself for review later
  • View session presentations

To access this powerful tool, please visit our smart link.

Get Social

While at North America ISRM, connect with your fellow attendees in person and online. Find photos, videos and daily recaps on ISACA’s Facebook page. Share LinkedIn status updates. And use #ISACANA on Twitter to follow the conversation and ensure that your tweets are seen by fellow attendees.

Share your conference experiences with us! Tweet or email a conference “selfie” and it may be published on the ISACA Facebook page or web site. Remember to use #ISACANA or email

Have a great conference. We’ll see you in Las Vegas and in the social sphere!

Earn up to 32 CPE Hours!

 Thank You to Our Sponsors!




C&F AdaptiveGRC

BEW Global

Boldon James


To view all sponsors and exhibitors,
click the Sponsors tab

  Follow @ISACANews on Twitter and get the latest updates about ISRM with the hash tag #ISACANA

Program Information

Immerse yourself in 2.5 days of:

Educational sessions — workshops, keynotes, case studies and panel discussions
Networking events — spotlight educational sessions, attendee receptions, workshops and more

View program tracks and workshops below.

Track 1: Cybersecurity
Track 2: Privacy/Security
Track 3: Risk Management
Track 4: Compliance
Track 5: Forums

One-Day Workshops

Monday, 4 November 2013

WS1: COBIT 5 for Security
WS3: Data Privacy Risks
WS5: A Practical Approach to Network Vulnerability Assessment (closed)

Tuesday, 5 November 2013:

WS2: COBIT 5 for Risk (WS2 has sold out. Please contact the conference department to add your name to the waiting list.)
WS4: Innovate your Cybersecurity Solutions: Understand and Respond to Current Threats and Incidents
WS6: BYOD: Securing Mobile Technologies (closed)
WS7: Tools & Techniques of Digital Forensics and eDiscovery

2013 Conference Dates and Times

Pre-Conference Workshop Registration

Monday, 4 November; 7:30AM - 12:00PM
Tuesday, 5 November; 7:30AM - 12:00PM

Pre-Conference Workshops

Monday, 4 November; 9:00AM - 5:00PM
Tuesday, 5 November; 9:00AM - 5:00PM

Conference Registration Times

Tuesday, 5 November; 3:00PM - 7:00PM
Wednesday, 6 November; 7:00AM - 5:00PM
Thursday, 7 November; 7:30AM - 5:00PM
Friday, 8 November; 8:00AM - 12:00PM


Wednesday, 6 November; 8:30AM - 5:00PM
Thursday, 7 November; 8:30AM - 5:15PM
Friday, 8 November; 8:30AM - 12:30PM

Friday Morning, 8 November: Closing Keynote Address

Why What We’re Doing isn’t Working


Robert Bigman, President of 2BSecure, LLC, recently retired from the Central Intelligence Agency (CIA) after serving a 30-year career. Recognized as a pioneer in the field of classified information protection, Bigman developed technical measures and procedures to manage the nation’s most sensitive secrets. Bigman participated in developing security measures for government computers, and then developed solutions to allow the CIA to use the Internet to further its mission without exposure.

As the Agency's Chief Information Security Officer (CISO), Bigman managed a large organization of technical and program officers responsible for the protection of all Agency information. Bigman also served as the designated officer for all discussions with the information security industry and its commercial partners. He has contributed to almost every Intelligence Community information security policy/technical standard, and has provided numerous briefings to the National Security Council, Congress and presidential commissions. Bigman has received numerous CIA and Director of National Intelligence awards.

  • Stage Setting – The Current State of Computing Technology
  • Fighting Today’s Threats With Yesterday’s Technology
  • The Lessons From Plug-X
  • Protecting O/S Kernels with Applications
  • Signatures, Heuristics and Cyber Intelligence Clouds
  • Positive Changes in Protection Philosophy

Wednesday Morning, 6 November: Opening Keynote Address

Embracing Uncertainty—How Big Data Is Transforming Security Management


Eddie Schwartz, CISA, CISM

Despite the best efforts and significant investments of security teams, various classes of threat actors continue to wreak havoc within organizations today. The challenge for our profession is how to reduce the impact of unknown and unexpected attacks and risks when traditional security technologies, processes and skills have proven to be inadequate.

Big data is transforming four critical areas of security in leading organizations: security management, fraud, GRC, and identity management. This keynote will discuss the drivers for this transformation and provide a blueprint for organizations looking to embrace uncertainty and succeed in the face of advanced threats and complex security risks.

Hear what Keynote Speaker Eddie Schwartz, CISA, CISM, VP of Global Security Solutions at Verizon Enterprise Solutions, has to say about the value of attending ISRM.

Eddie Schwartz is Vice President of Global Security Solutions for Verizon Enterprise Solutions. Previously he was Chief Information Security Officer (CISO) for RSA and was co-founder and CSO of NetWitness (acquired by EMC), CTO of ManTech, EVP and General Manager of Global Integrity (acquired by INS), SVP of Operations of Guardent (acquired by VeriSign), CISO of Nationwide Insurance, a Senior Computer Scientist at CSC, and a Foreign Service Officer with the U.S. Dept. of State. Schwartz has 25 years' experience in the information security field.

Schwartz has advised a number of early stage security companies, and served on the Executive Committee for the Banking Information Technology Secretariat (BITS). Schwartz has a B.I.S. in Information Security Management and an M.S. in Information Technology Management from the George Mason University School of Management.

Want more from Eddie? Read his recent ISACA Now Blog post, which previews his presentation, here.

Friday Morning, 8 November: Special Keynote Address

Insights on Protecting Enterprise Assets from Even the Most Unpredictable Threats

Captain Richard Phillips
Captain of the Maersk Alabama
Maersk Line

Hero of the high seas, author of "A Captain’s Duty: Somali Pirates, Navy SEALs, and Dangerous Days at Sea," Captain Phillips caught the world’s attention when he was captured by Somali pirates in 2009.

On 8 April of that year, his vessel, the Maersk Alabama, became the first U.S. ship in more than 200 years to be hijacked at sea. Over the course of the next five days, Captain Phillips’s forward planning, quick thinking and heroism saved him, his crew and his ship.

A graduate of the Massachusetts Maritime Academy, Captain Phillips is a member of the International Organization of Masters, Mates & Pilots Union, and a licensed American merchant mariner. He became Captain of the MV Maersk Alabama in 2009. The gripping events surrounding his ship’s capture and his eventual rescue by US Navy SEALs have been made into a soon-to-be-released Columbia Pictures movie starring multiple Oscar-winner Tom Hanks.

His story highlights the need for all enterprises to have clear guidelines for safety and security. It also stresses the importance of leadership and creativity in any crisis situation. Ultimately it demonstrates that having an action plan for any eventuality is an essential foundation for protecting enterprise assets in the face of even the most unpredictable of threats.

Hear from Captain Phillips himself in the ISACA Now Blog post, “Risk and reward, typhoons and hurricanes—thoughts from a floating CEO”, which is linked here.

Program Sessions and Workshops

Monday, 4 November 2013

Time Pre-Conference Workshops


WS1—COBIT 5 for Security
WS3—Data Privacy Risks
WS5—A Practical Approach to Network Vulnerability Assessment

Tuesday, 5 November 2013

Time Pre-Conference Workshops


WS2—COBIT 5 for Risk
WS4—Innovate your Cybersecurity Solutions: Understand and Respond to Current Threats and Incidents
WS6—BYOD: Securing Mobile Technologies
WS7—Tools & Techniques of Digital Forensics and eDiscovery

Wednesday, 6 November 2013

Time Sessions


Opening Keynote—Embracing Uncertainty—How Big Data Is Transforming Security Management




111—Hot Topic: SCADA/NERC CIP
112—Big Data & Privacy by Design
113—Vendor Supply Chain Management
114—RX for Healthy Security
115—Responding to Cyberattacks Forum




121—Hot Topic: Cloud Maturity Survey
122—Cybersecurity: an Advanced Innovative Approach to Advanced Persistent Threats
123—Hot Topic: COBIT 5 for Risk
124—FISMA - The Private Sector Impact
125—Megatrend Session: The Evolving Threat Landscape – Microsoft Security Intelligence Report (Sponsored by Microsoft)




131—Advances in Incident Management
132—Hot Topic: Addressing Vendor Risk
133—Towards Trustworthy Cloud Computing
134—Security Metrics
135—Megatrend Session: Time for BCM? Why and When to Include BCM in Broader Risk Management Efforts (Sponsored by Modulo)




141—Modern Cyberthreats
142—Data Privacy and Protecting Personal Information
143—BYOD Risk Management
144—SOC 2℠ at Age 2
145—COBIT 5 Forum


Solution Center/Expo Hall Reception


SP1—GRC Information Security Management for Data Privacy, Cloud and Enterprise (Sponsored by AdaptiveGRC™)
SP2—Building a Security Program that Protects an Organization’s Most Critical Assets (Sponsored by BEW Global)


SP3—How Data Classification can Harness the Value of Big Data (Sponsored by BoldonJames)
SP4—Impact of PCI DSS 3.0 (Sponsored by FishNet Security)

Thursday, 7 November 2013

Time Sessions


211—Cybersecurity: What's Your Plan?
212—Don't Let Your Apples Fall Far from the Tree—Understanding iOS Deployment Risk
213—Social Media — Managing Key Organizational Risks
214—Compliance in the Cloud
215—Cybersecurity Forum




221—Automating the 20 Critical Security Controls
222—Forensics and Big Data
223—Business Continuity in Emerging Technologies
224—Forensics and eDiscovery: Managing Risk and Privacy
225—Industry Analyst Forum


LL1 – Modulo Lunch & Learn - Embracing Shadow IT - How to encourage innovation within a secure Shadow IT infrastructure


231—Digital Forensics: Bringing It In-House
232—Creating a Culture of Continuous Compliance via IAG
233—Stored Data…Time to say Goodbye
234—Security Managers Understanding Privacy
235—OMG! Boomers, Gen X, Gen Y and Traditionalists




241—Cybersecurity with COBIT 5 Part 1
242—Resistance in a Cyber Cold War: Security as a Service
243—Hot Topic: Assessing & Managing Info Risk in an Outsourced Environment
244—SSH User Key Mismanagement in Today’s Large Enterprise
245—Megatrend Session: Next Generation Security and Compliance Programs (Sponsored by RSA)




251—Cybersecurity with COBIT 5 Part 2
252—PCI DSS 3.0, What Does It Mean For All of Us?
253—Operational Risk Management
254—Certified ISO 31000 Risk Manager
255—Risk Forum


SP5—Risk Management 2.0 - From Information Security to Enterprise Risk Management (Sponsored by Modulo)


Free Night

Friday, 8 November 2013

Time Sessions


311—All Quiet on the Cyber Front: Monitoring & Breaches
312—Hackers Get Personal: New Face of Email Security
313—Deploying Information Risk Management Globally and Avoiding the Pitfalls
314—ISO 27001 - What You Need to Know About Recent Changes
315—Is Your Data Safer in the Cloud?




Special Keynote—Insights on Protecting Enterprise Assets from Even the Most Unpredictable Threats


Closing Keynote—Why What We’re Doing isn’t Working


Continuing Professional Education Credits

To maintain ISACA certifications, certification holders are required to earn 120 CPE credit hours over a three-year period in accordance with ISACA’s continuing professional education (CPE) policy. Attendees can earn up to 32 CPE credits: 18 by attending North America ISRM and an additional 7 CPE credits for attending each day of optional workshops. ISACA conferences are Group Live and do not require any advance preparation.

ISACA is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its web site:

Conference Registration Fees

Member US $1,550 Non-member US $1,750

One-Day Workshop

Member US $550 Non-member US $750

Cancellation Deadline:

9 October 2013

Online Registration Close Date

1 November 2013

Group Discounts

ISACA offers discounts to organizations sending 4 or more employees to a single conference. Please contact the ISACA Conference department for more details at +1.847.660.5585 or

All fees are quoted in US dollars. The entire registration fee must be received by ISACA before your registration will be considered paid in full.


Registration Methods

On-line registration for the 2013 ISRM Conference is now closed.
On-site Workshop and Conference registration will open on Monday, 4 November at 7:30AM at the Cosmopolitan Hotel’s Belmont Registration Area located on the 4th level.  We look forward to seeing you there!

Email your completed registration form to


Cancellation Policy

If your plans change and you won’t be able to attend the conference and/or workshop, contact us by phone, fax or e-mail to cancel your registration. All cancellations must be received by 9 October 2013 to receive a refund of registration fees. A cancellation charge of US $100 will be subtracted from conference refunds, and US $50 from workshop refunds. No refunds can be given after 9 October 2013. Attendee substitution is permitted at any time until the conference. If a nonmember is substituting a member, then there will be additional nonmember fees.

NOTE: Registration is contingent upon full payment of the registration fee. To guarantee registration, conference and/or workshop fees must be received by the published deadline. It may take 10 or more business days for a wire transfer or mailed check to reach ISACA, so please plan accordingly. If, for any reason, ISACA must cancel a course or event, liability is limited solely to the registration fees paid. ISACA is not responsible for other expenses incurred, including travel and accommodation fees. Conference materials are not guaranteed to those who register onsite or fail to submit payment prior to the event. For more information regarding administrative policies, please contact the ISACA conference department.
Phone: +1.847.660.5585
Fax: +1.847.253.1443


ISACA reserves the right to alter or delete items from the program in the event of unforeseen circumstances. Material has been prepared for the professional development of ISACA members and others in the IT audit, control, security, and governance community. Neither the presenters nor ISACA can warrant that the use of material presented will be adequate to discharge the legal or professional liability of the members in the conduct of their practices. All materials used in the preparation and delivery of presentations on behalf of ISACA are original materials created by the speakers, or otherwise are materials which the speakers have all rights and authority to use and/or reproduce in connection with such presentation and to grant the rights to ISACA as set forth in speaker agreement. Subject to the rights granted in the speaker agreement, all applicable copyrights, trade secrets, and other intellectual property rights in the materials are and remain with the speakers.

Please note: unauthorized recording, in any form, of presentations and workshops is prohibited.

Not a member of ISACA? Join today!

When you register for the conference as a nonmember, the difference between member and nonmember conference fees can be applied towards ISACA membership. This means you can become a member at the international and chapter level for little to no additional cost; it just depends on your local chapter dues. To take advantage of this great offer, check the box on the registration form. For more information about ISACA membership, visit the web site at or contact the membership department at

NOTE: This offer expires 30 days after completion of the event. Nonmembers pay the nonmember conference fee when registering.

Permission to be Photographed

By attending this event, the registrant grants permission to be photographed and videotaped during the event. The resultant photographs and videos may be used by ISACA for future promotion of ISACA’s educational events on ISACA’s web site, in social media and/or in printed promotional materials, and by attending this event, the registrant consents to any such use. The registrant understands any use of the photographs and videos will be without remuneration. The registrant also waives any right to inspect or approve the aforementioned use of any photographs or videos now or in the future.


Business casual is appropriate for this and all ISACA conference events.


Venue and Accommodations

The Cosmopolitan of Las Vegas

3708 Las Vegas Boulevard South
Las Vegas, NV 89109



The Cosmopolitan’s specially discounted ISRM rate is no longer available.

We suggest these other hotels nearest to the Cosmopolitan:

Planet Hollywood Resort and Casino
Vdara Hotel and Spa
Paris Las Vegas Hotel and Casino
Aria Hotel and Casino



  125—Megatrend Session: The Evolving Threat Landscape — Microsoft Security Intelligence Report

Microsoft’s Trustworthy Computing group focuses on creating and delivering secure, private, and reliable computing experiences based on sound business practices. Our goal is a safer, more trusted Internet.


  135—Megatrend Session: Time for BCM? Why and When to Include BCM in Broader Risk Management Efforts
  SP5—Risk Management 2.0 - From Information Security to Enterprise Risk Management
  LL1—Embracing Shadow IT - How to Encourage Innovation Within a Secure Shadow IT infrastructure

Modulo is the leading global provider of information & technology GRC solutions, offering flexible and affordable methods for managing risk, compliance, and business continuity across the enterprise and extended enterprise of vendors. 1,000+ customers leverage Modulo to automate workflow; report compliance against regulations, standards, policies; prioritize risk through analytics and business metrics; secure cloud environments; remediate vulnerabilities; and more.

Modulo is the first company in the world to obtain ISO 27001 certification – the international standard for the governance of information security management systems – which guides Modulo’s product development and risk-reduction methodology. Modulo continues to lead the creation of International Standards in the GRC space.

Modulo’s software solutions streamline GRC by automating processes enterprise-wide, reducing complexity and cost. A broad range of organizations – especially those heavily reliant on technology systems, vendor networks, and electronic transactions – report a high ROI from Modulo’s quickly deployed, scalable, and content-rich platform.





Event Exhibitors

  2013 NA ISRM Floor Plan

For Exhibitor and Sponsorship Opportunities

Please contact:

Sean Stringer
Director of Sponsorship
Phone: +1.847.660.5729
Fax: +1.847.253.1443

  2014 North America ISRM Sponsorship Brochure
  2014 North America ISRM Sponsor License Agreement
  Exhibitor and Sponsorship Information


Contact ISACA's Education/Conference Department:
Tel: +1.847.660.5585
Fax: +1.847.253.1443

Media Inquiries

Contact the ISACA Communications Department:
Tel: +1.847.660.5512 or

Please address Sponsorship questions to: